Date: Thu, 1 Feb 2024 14:59:34 +0100
From: neil.armstrong@...aro.org
To: Om Prakash Singh <quic_omprsing@...cinc.com>,
 Dmitry Baryshkov <dmitry.baryshkov@...aro.org>,
 Gaurav Kashyap <quic_gaurkash@...cinc.com>
Cc: linux-arm-msm@...r.kernel.org, linux-scsi@...r.kernel.org,
 andersson@...nel.org, ebiggers@...gle.com, srinivas.kandagatla@...aro.org,
 krzysztof.kozlowski+dt@...aro.org, conor+dt@...nel.org, robh+dt@...nel.org,
 linux-kernel@...r.kernel.org, linux-mmc@...r.kernel.org, kernel@...cinc.com,
 linux-crypto@...r.kernel.org, devicetree@...r.kernel.org,
 quic_nguyenb@...cinc.com, bartosz.golaszewski@...aro.org,
 konrad.dybcio@...aro.org, ulf.hansson@...aro.org, jejb@...ux.ibm.com,
 martin.petersen@...cle.com, mani@...nel.org, davem@...emloft.net,
 herbert@...dor.apana.org.au
Subject: Re: [PATCH v4 15/15] arm64: dts: qcom: sm8550: add hwkm support to
 ufs ice

On 01/02/2024 10:55, Om Prakash Singh wrote:
> 
> 
> On 1/28/2024 6:31 AM, Dmitry Baryshkov wrote:
>> On Sun, 28 Jan 2024 at 01:28, Gaurav Kashyap <quic_gaurkash@...cinc.com> wrote:
>>>
>>> The Inline Crypto Engine (ICE) for UFS/EMMC supports the
>>> Hardware Key Manager (HWKM) to securely manage storage
>>> keys. Enable using this hardware on sm8550.
>>>
>>> This requires two changes:
>>> 1. Register size increase: HWKM is an additional piece of hardware
>>>     sitting alongside ICE, and extends the old ICE's register space.
>>> 2. Explicitly tell the ICE driver to use HWKM with ICE so that
>>>     wrapped keys are used in sm8550.
>>>
>>> NOTE: Although wrapped keys cannot be independently generated and
>>> tested on this platform using generate, prepare and import key calls,
>>> there are non-kernel paths to create wrapped keys, and still use the
>>> kernel to program them into ICE. Hence, enabling wrapped key support
>>> on sm8550 too.
>>>
>>> Signed-off-by: Gaurav Kashyap <quic_gaurkash@...cinc.com>
>>> ---
>>>   arch/arm64/boot/dts/qcom/sm8550.dtsi | 3 ++-
>>>   1 file changed, 2 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/arch/arm64/boot/dts/qcom/sm8550.dtsi b/arch/arm64/boot/dts/qcom/sm8550.dtsi
>>> index ee1ba5a8c8fc..b5b41d0a544c 100644
>>> --- a/arch/arm64/boot/dts/qcom/sm8550.dtsi
>>> +++ b/arch/arm64/boot/dts/qcom/sm8550.dtsi
>>> @@ -1977,7 +1977,8 @@ ufs_mem_hc: ufs@...4000 {
>>>                  ice: crypto@...8000 {
>>>                          compatible = "qcom,sm8550-inline-crypto-engine",
>>>                                       "qcom,inline-crypto-engine";
>>> -                       reg = <0 0x01d88000 0 0x8000>;
>>> +                       reg = <0 0x01d88000 0 0x10000>;
>>
>> Does the driver fail gracefully with the old DT size? At least it
>> should not crash.
> When adding qcom,ice-use-hwkm property, DT size needs to be updated.
> Without any DT change, there will be no issue.

This must be fixed in the code because new kernels could be run with older
DTs, so it should not fail with older DTs.

In this case, simply disable the HWKM if size from DT is too small.

Neil

> 
>>
>>> +                       qcom,ice-use-hwkm;
>>>                          clocks = <&gcc GCC_UFS_PHY_ICE_CORE_CLK>;
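Review bot: the widened region in `reg = <0 0x01d88000 0 0x10000>;` and the new `qcom,ice-use-hwkm;` flag only work as a pair, but nothing in this hunk ties them together. A device tree that carries the flag with the old 0x8000 length would leave the driver touching HWKM registers outside the region it mapped. The driver should check the mapped resource size before honouring the flag and fall back to ICE without HWKM when the region is too small, and the commit message should state that the property depends on the larger `reg` size.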
>>

